NSA Apologist Offers Solutions To 'Encryption' Problem, All Of Which Are Basically 'Have The Govt Make Them Do It'
from the wishful-thinking dept
Benjamin Wittes, one of the NSA apologists ensconced at Lawfare, has written a long piece in defense of FBI head James Comey’s assertions that there must be some way tech companies can give him what he wants without compromising the privacy and security of every non-terrorist/criminal utilizing the same broken encryption.
What he suggests is highly problematic, although he obviously pronounces that word as “pragmatic.” He implies the solution is already known to tech companies, but that their self-interest outweighs the FBI’s push for a “greater good” fix.
The theory is that companies have every incentive for market reasons to protect consumer privacy, but no incentives at all to figure out how to provide law enforcement access in the context of doing so.
There’s some truth to this theory. Tech companies are particularly wary of appearing to be complicit in government surveillance programs as a couple of years of leaks have done considerable damage to their prospects in foreign markets.
Wittes suggests the government isn’t doing much to sell this broken encryption plan, despite Comey’s multiple statements on the dangers posed by encrypted communications. And he’s right. If the government truly wants a “fix,” it needs to start laying the groundwork. It can’t just be various intel/law enforcement heads stating “we’re not really tech guys” and suggesting tech companies put the time and effort into solving their problems for them.
If we begin—as the computer scientists do—with a posture of great skepticism as to the plausibility of any scheme and we place the burden of persuasion on Comey, law enforcement, and the intelligence community to demonstrate the viability of any system, the obvious course is government-sponsored research. What we need here is not a Clipper Chip-type initiative, in which the government would develop and produce a complete system, but a set of intellectual and technical answers to the challenges the technologists have posed. The goal here should be an elaborated concept paper laying out how a secure extraordinary access system would work in sufficient detail that it can be evaluated, critiqued, and vetted; think of the bitcoin paper here as a model. Only after a period of public vetting, discussion, and refinement would the process turn to the question of what sorts of companies we might ask to implement such a system and by what legal means we might ask.
Thus ends the intelligent suggestions in Wittes’ thinkpiece. Everything else is exactly the sort of thing Comey keeps hinting at, but seems unwilling to actually put in motion. It’s the government-power elephant in the room. Actually, several elephants. It’s the underlying, unvocalized threat that lies just below the surface of Comey’s government-slanted PR efforts. Wittes just goes through the trouble of vocalizing them.
First, he gives Comey’s chickenshit, ignorant sales pitch a completely disingenuous, self-serving reading. Comey has refused to acknowledge the fact that what he’s seeking is not actually possible. He claims he doesn’t have the tech background to make more informed assertions while simultaneously insisting the solution exists — and could easily be found if only these tech companies were willing to apply themselves.
[Comey] is talking in very different language: the language of performance requirements. He wants to leave the development task to Silicon Valley to figure out how to implement government’s requirements. He wants to describe what he needs—decrypted signal when he has a warrant—and leave the companies to figure out how to deliver it while still providing secure communications in other circumstances to their customers.
The advantage to this approach is that it potentially lets a thousand flowers bloom. Each company might do it differently. They would compete to provide the most security consistent with the performance standard. They could learn from each other. And government would not be in the position of developing and promoting specific algorithms. It wouldn’t even need to know how the task was being done.
In Wittes’ estimation, Comey is being wise and promoting open innovation, rather than just refusing to openly acknowledge that his desire to access and intercept communications far exceeds his desire to allow millions of non-criminals access to safer connections and communications.
Wittes goes on to offer a handful of “solutions” to the Second Crypto War. Not a single one includes the government growing up and learning to deal with the new, encrypted status quo. He follows up the one useful suggestion — government research exploring the feasibility of the proposed encryption bypass — with one of his worst ideas:
If you simply require the latter [law enforcement access] as a matter of law, [tech companies] will devote resources to the question of how to do so while still providing consumer security. And while the problems are hard, they will prove manageable once the tech giants decide to work them hard—rather than protesting their impossibility.
There’s not a worse idea out there than making certain forms of encryption illegal to use in the United States. But Wittes tries his hardest to find equally awful ideas. Like this one, which would open tech companies to an entire new area of liability.
Another, perhaps softer, possibility is to rely on the possibility of civil liability to incentivize companies to focus on these issues. At the Senate Judiciary Committee hearing this past week, the always interesting Senator Sheldon Whitehouse posed a question to Deputy Attorney General Sally Yates about which I’ve been thinking as well: “A girl goes missing. A neighbor reports that they saw her being taken into a van out in front of the house. The police are called. They come to the home. The parents are frantic. The girl’s phone is still at home.” The phone, however, is encrypted.
Wittes quotes Whitehouse’s statements, in which he compares encryption to industrial pollution and suggests tech companies — not the criminal in question; not the investigators who are seemingly unable to explore other options — be held liable for the criminal’s actions. Wittes poses a rhetorical question — one that assumes most of America wants what Comey wants.
Might a victim of an ISIS attack domestically committed by someone who communicated and plotted using communications architecture specifically designed to be immune, and specifically marketed as immune, from law enforcement surveillance have a claim against the provider who offered that service even after the director of the FBI began specifically warning that ISIS was using such infrastructure to plan attacks? To the extent such companies have no liability in such circumstances, is that the distribution of risk that we as a society want?
Holding companies responsible for the actions of criminals is completely stupid. Providing encryption to all shouldn’t put companies at risk of civil suits. The encryption isn’t being provided solely for use by bad guys. It makes no more sense than holding FedEx responsible for shipments of counterfeit drugs. And yet, we’ve seen our government do exactly that, in essence requiring every affected private company to act as deputized law enforcement entities, despite there being no logical reason to put them in this position. Wittes feels the best solutions involve the government forcing companies to bend to its will, and provide compromised encryption under duress.
The final solution proposed by Wittes is to let everything go to hell and assume the political landscape — along with tech companies’ “sympathies” — will shift accordingly. This would be the “let’s hope for the tragic death of a child” plan:
[W]e have an end-to-end encryption issue, in significant part, because companies are trying to assure customers worldwide that they have their backs privacy-wise and are not simply tools of NSA. I think those politics are likely to change. If Comey is right and we start seeing law enforcement and intelligence agencies blind in investigating and preventing horrible crimes and significant threats, the pressure on the companies is going to shift. And it may shift fast and hard. Whereas the companies now feel intense pressure to assure customers that their data is safe from NSA, the kidnapped kid with the encrypted iPhone is going to generate a very different sort of political response. In extraordinary circumstances, extraordinary access may well seem reasonable.
If this does happen, Wittes’ assumption will likely be correct. Politicians have never been shy about capitalizing on tragedies to nudge the government power needle. This will be no different. One wonders why no one has come forward with a significantly compelling tragedy by this point, considering the wealth of encryption options currently on the market. A logical person would assume this lack of compelling anecdotal evidence would suggest encryption really hasn’t posed a problem yet — especially considering the highly-motivated sales pitches that have been offered nonstop since Google and Apple’s announcement of their encryption-by-default plans. The “problem” Comey and others so desperately wish to “solve” remains almost entirely theoretical at this point.
But the FBI and others aren’t going to wait until the next tragedy. They want the path of least resistance now. The solutions proposed by Wittes are exactly the sort of thing they’d be interested in: expanded government power and increased private sector liability. This is why Comey has no solution to offer. There is none. There is only the option of making companies do what he wants, but he’s too wary of public backlash to actually say these things out loud. Wittes has saved him the trouble and proven himself no more trustworthy than those who want easy access, no matter the negative implications or unintended consequences of these actions.
Filed Under: backdoors, ben wittes, encryption, going dark, nsa, surveillance
Comments on “NSA Apologist Offers Solutions To 'Encryption' Problem, All Of Which Are Basically 'Have The Govt Make Them Do It'”
Unicorns
When people say that unicorns don’t exist, they just haven’t looked hard enough.
Re: Unicorns
Your analogy doesn’t work because unicorns aren’t real. Sasquatches, on the other hand, are totally real.
Re: Re: Unicorns
That’s just mean. Just because Comey is 6’8″ and has the problem-solving skills of a cro-magnon cryptid, doesn’t mean you should insult sasquatches everywhere with such a comparison.
I would bet the FBI would create the next tragedy as another fake terrorist attack.
Re: Tin Foil Hat
This is tin foil hat territory, but recent revelations prove the government would do such things.
Consider this possibility:
The women shot in SF by the illegal immigrant was setup by federal agents.
1) ICE transferred a mentally unstable man to the SF sheriff based on an ancient warrant that they should have known wouldn’t be enough to hold him on.
2) A BLM agent gave his weapon to ICE agents and reported it stolen.
3) The ICE agents rigged the weapon to go off and then planted it near the illegal immigrant.
4) The illegal immigrant picked up the weapon, it went off as planned, and Homeland Security got a lot of people blaming SF about their policy of non-cooperation.
A few years ago, I would have immediately dismissed such a theory as being totally tin foil hat territory. Now, I can’t be so sure.
Because of what we know has happened, we must assume the official investigation procedure for missing children is something like:
1) Determine if phone is encrypted.
a) If not, continue investigation.
b) If so, hold press conferences to lament that there is nothing you can do. Then wait until your are confident child is dead to find body.
Therefore, we, the people, must hold the authorities culpable if they fail to recover a child when their cell phone has been encrypted.
If that’s not fair to the authorities investigating, so sad, too bad. That’s what happens when you abuse the trust people have placed in you, even if you are a government.
What these people are ignoring is that people have all sorts of legal reason for talking to each other without the government listening in. This includes people involved in peaceful opposition to those in power, lawyers defending people and human rights workers wherever they are.
Re: Re:
They’re not ignoring that, they just don’t think that matters, because if you’re not doing something illegal, why would the government be interested?
Never mind that it lays things wide open for abuse. The goverment would never abuse its power, right?
Re: Re: A key that cannot be abused.
I say we skip the step and simply build an encryption system that cannot be abused.
If our magical encryption system cannot be used to encrypt evidence of crime, then law enforcement, even the government need not concern themselves with end-to-end encrypted data.
That would be a relief to all and solve all problems.
I bet we could go one further and make a data transmission protocol that cannot be used only for good purposes. Then the government never need go online.
Re: Re: Re: A key that cannot be abused.
It should be done a a lower level as proposed in rfc3751. (Warning pdf).
Re: Re: Re:
This is all I hear in these “debates”:
Let’s stick a fork in the light socket here…
If tech companies are liable in the kidnapped kid+encrypted iPhone, wouldn’t the same logic hold firearms manufacturers liable for crimes caused by the use of their product?
And now removing the fork from the light socket, a serious question.
The NSA employes many, many mathematicians and cryptographers. The NSA and GCHQ had public-key cryptography years before their re-discovery by public research. So if the government is so interested in finding a unicorn, why don’t they foot the bill for searching for the unicorn?
Re: Re:
“If tech companies are liable in the kidnapped kid+encrypted iPhone, wouldn’t the same logic hold firearms manufacturers liable for crimes caused by the use of their product?”
What about the manufacturer of a car used in a kid napping?
Re: Re: Re:
Let’s charge the parents of the kidnapped kid.
Had they never procreated their would not have been a kid with an encrypted iPhone to get kidnapped in the first place!
If we just stop the root cause of these problems we could achieve global peace in about 1 century!
Re: Re: Re: Re:
I’d say if they give a minor child a smartphone and don’t take basic precautions (i.e. insist that she give them the password as long as she lives under their roof and they pay her phone bill), that’s negligence on their part.
Re: Re: Re:2 Kidnapping is particularly rare.
If your family is wealthy enough that they’re at high risk at kidnapping for extortion, aka, the Hearsts, Lindberghs or Sinatras, then you get them a panic-ring system and software that governs their phone location data.
For the rest of us, we’re far more susceptible to abduction by the police because they think we’re ugly and the local DA is hungry for convictions, than we are to be abducted off the street into human trafficking.
Remember that. If they arrest you and get into your phone, all your data will be used to convict you and put you into jail, probably for some detail you didn’t realize was a legal offense.
And unless you’re someone famous, they won’t consider it a missing person for days, and presume little Suzie ran away from home to try to get to grandmas house.
Re: Pachyderm alert!
In fact, strong crypto used to be controlled under ITAR, considering it little different from sophisticated weapons which were not to be marketed to foreign entities.
I wish these guys would just admit the elephant in the room: that strong crypto gets in the way of their continued attempt to enforce Prohibition (known today as “The War On Drugs”). That’s their real problem. I don’t believe them when they say they’re just trying to protect everyone from terrorists and child pornographers! They’re really just trying to prop up their failed business model, Prohibition. The DEA’s getting no nearer to winning that war, and are in fact losing it badly, just as badly as Prohibition was originally lost. They’ve militarized the police, come to consider themselves fighting a war against domestic insurgents, are tapping the communications of damned near everyone on the planet, are pissing off even (nominal) allies with their nozyness, yet can’t bring themselves to accept the truth: Prohibition didn’t work and was actually a disaster, and considering crypto to be as dangerous as offensive weapons is still as foolish today as it was in the ’90s. Saddling ordinary law abiding people with crippled crypto won’t help them win it either.
Finally, I’ll just suggest they consider what all my past employers told their people: “If you can’t do your job, then quit!” There’s plenty of people out here who’d love to pull down the kind of salaries these people get.
Re: Re:
Actually, there were a spate of lawsuits against firearms merchants and manufacturers, until the NRA flexed its muscle and had them barred by law. It may be prudent for Silicon Valley to invest in a few coin-operated politicians and get a similar shield in place.
The answer to “The girl’s phone is still at home. The phone, however, is encrypted.” is the same as the answer to this “The girl’s phone is not at home. The phone, however, is not on the network.”. Sounds like good ‘ol detective work will need to be done in BOTH cases.
Re: Re:
In Comey’s favorite scenario I could never see why breaking the encryption on the phone is vital to finding the abducted girl. If the girl has the phone with her they should still be able to get the telco to use the pings from the cell tower to locate her, encryption or not.
In the case where the phone is left at home there is another option: If this is a young girl she may consider the phone to be “hers”, when in reality it is probably the parents that bought it for her and are paying for her service. In that case the parents could (and should) require their daughter to give them the unlock code/key/password/whatever as a condition for having the phone. Call it “parental key escrow”. In that case the police would probably not even need a warrant as the parents would likely give them access without even being asked.
What does the phone have anything to do with it.
If a girl has been kidnapped, and her phone is at home, then there is NO reason for the police to even bother with the phone. It can’t be tracked and most likely has nothing to do with the kidnapping. And if it does have something to do with the kidnapping, then they can damn well get the telephone company to tell them what calls were made to and from the phone so they can contact those people who were at the other end of recent communications.
So in other words, bringing up kidnapping and phone encryption is nothing more than a lame attempt to make the audience emotionally receptive to an idiot’s argument.
LOL The FBI have an end to end encryption issue, The rest of us do not. The greater good is served by strong end to end crypto make no mistake.
You don’t trade secure communication (relatively) for the “Maybe” the FBI offers that it will “possibly” be useful in the future to have the FBI break into systems. What kind of shit deal is that?
They are offering us literally NOTHING and asking to take away secure communication just to have another “Tool in their bag” its absurd and what they are asking for is dangerously ignorant.
The debate they're avoiding
All of the discussions rest on the assumption that the government falls into the class of trustable good guys. Given the widespread and rampant history of abuse the government has regarding these sorts of powers,this is not something that we can just assume to be true.
And no, the requirement to get a warrant does not address the issue.
This is the fundamental debate we need to have before any technological discussion can have any importance. And it is exactly the debate that those in favor of spying are trying their hardest to avoid.
Re: The debate they're avoiding
I have an even simpler idea…why not require all U.S. citizens to install cameras that record every room in their home and around their property at all times? The video is stored in secure, government facilities and will only be accessed with a warrant or for national anti-terrorism efforts.
Think about all the benefits; you don’t even need a phone to find where the bad guys are. If someone breaks into your house, there is now video evidence. Domestic violence? Video evidence. And it will only be used to protect you!
How could anyone possibly object? If you have an issue, you must have something to hide!
Re: Re: The debate they're avoiding
The upside is that such a suggestion would require pushing gigabit fiber to every household…
::always look on the bright side of life::
Re: Re: Re: The debate they're avoiding
The upside is that such a suggestion would require pushing gigabit fiber to every household…
Not necessarily. 320×200 video, at 1/5 time (so, about six frames a second,) mp4 encoded, doesn’t use that much bandwidth. I routinely push 12 streams to a remote site using around 1-1.5 mbps. That works perfectly fine on a 10 mbps connection. Sucks if you actually want to use the line for something else (like watch netflix,) but it is do-able. Whether that would be enough for prosecution (usually all they need is a single frame showing the suspect and the victim,) would depend on the courts, the video is pretty watchable and should be useful.
As much as I’d love gig, this probably wouldn’t need that much bandwidth.
Re: Re: Re:2 The debate they're avoiding
But a 320x200x1.5 video wouldn’t save the little girl! You need a gigabit stream to be able to do that!
Re: Re: The debate they're avoiding
“I have an even simpler idea…why not require all U.S. citizens to install cameras that record every room in their home and around their property at all times?”
That has already been proposed by the chief of police of Houston, Texas. Seriously.
Re: Re: Re: The debate they're avoiding
That has already been proposed by the chief of police of Houston, Texas. Seriously.
And if that isn’t evidence it’s an awful idea, I don’t know what is!
Re: Re: Re: The debate they're avoiding
well,people willingly do it in the too-many so-called ‘reality’ shows…
hee hee hee
why not everybody be their own reality show star ! ! !
ho ho ho
then everybody can watch everybody…
ha ha ha
and won’t nobody get away with nuthin’…
ak ak ak
Re: Re: Re:2 The debate they're avoiding
So they’ll pay us all like reality TV actors?
Re: The debate they're avoiding
You are exactly right and they have proven themselves untrustworthy. They have lied and denied all sorts of eavesdropping only to later have it shown to be true. They cannot be trusted ever again with the keys to the kingdom. Once your credibility is gone, it is nearly impossible to regain it.
Re: The debate they're avoiding
Here’s the problem – to other governments, the US is not a ‘good guy’. So no other country on this Earth is going to purchase a US companies product that has encryption on it.
Alternate problem – other governments will want their magic key, too. What then?
Re: Re: The debate they're avoiding
Director Comey addressed this in his recent statements before Congressional Committees by assuring that only the service providers would retain the backdoored-encrypted data, not the government. Presumably these corporations would not be compelled to respond to warrants from other nations, but would be for US-issued warrants.
But then, as Jamie Zawinski would say, “now you have two problems”.
Re: Re: Re: The debate they're avoiding
“presumably these corporations would not be compelled to respond to warrants from other nations, but would be for US-issued warrants.”
Or money. money is also compelling. Especially when you’ve got a country sized bank account. Ask the staff over at the Hacking Team.
Also on the list of compelling things: blackmail, drugs, a gun to your significant other(s) (and/or children(s) ) heads, etc. In fact, most people would find any of these more compelling on a personal, visceral basis than a little piece of paper with “warrant” printed on it.
And if you’re going to build in a master key that unlocks pretty much all of the interesting crypto in the country, none of the above items are melodramatic scenarios.
Re: The debate they're avoiding
Suppose an encryption/decryption tool is created and it suffers from all the weaknesses discussed here and elsewhere. Especially the so-called “trusted” user weakness.
Now suppose one difference. This tool has a public blockchain built into it recording the use of the tool.
Okay government, here’s your backdoor. Except, everyone gets to see when and how that backdoor is used. Everyone!
Just a thought experiment, not saying possible, but could such a tool guide better use and behavior?
Re: Re: The debate they're avoiding
“Now suppose one difference. This tool has a public blockchain built into it recording the use of the tool.”
Technically, it might be possible. However, you’d very quickly learn the ins and outs of what the terms “state secrets” and “gag order” mean.
Let me take a guess as how this would end...
If he were granted his wet dream and they would force the tech companies to come up with something, how long would he wait for a result?
He preaches that the solution should be discussed and viable, but when months has passed and the solution to an impossible problem hasn’t presented itself, he is simply just gonna blame the tech companies and go “just give us the damn bloddy keys to everything. Viable solution be damned”.
There is NO solution, but they are not going to give up and reconsider when none are found. Instead they are going to go for the “best” solution at the time which will put all of us at major risk.
The Government needs to put it in their contracts
All encryption in software products sold to the government is required to have a back-door decryption available to law enforcement available through the vendor.
Hang in there, Ben! I’ve got my folks hard at work on a solution for you.
Signed,
Santa
Mr Wittes: just say what you really want to say here or whatever your handlers have written for you.
End to end?
I suppose I must have a very different definition of end-to-end encryption. One where the middle doesn’t hold the keys, and physically cannot decrypt the message?
I wonder if this guy realizes that you don’t grant access to *the* government, you have to grant access to all governments. Is he comfortable with the Chinese government being able to decrypt any phone they get their hands on?
Re: Re:
Mr Comey provided a dishonest answer to that question at the Senate hearings a week ago.
Mr Comey said that he considers it a desirable outcome if the PRC obtains access to your data. It was a dishonest answer, though, because he qualified it by saying that he would be overjoyed if the PRC used a warrant process overseen by a neutral magistrate to get your data. But he knows that’s not going to happen.
So all we’re left with is that— Mr Comey feels comfortable with the PRC having access to your data.
Re: Re: Re:
“Them, they, us, good guys, bad guys”. A large part of the problem with the debate is that it’s not sufficiently personal for those directly involved with it.
“Mr. Comey, please state for the record that you are comfortable with law enforcement and intelligence community members (whom have a legitimate interest, albeit under an entirely separate justice system) from Russia and China utilizing the Unicorn-key you’re suggesting we mandate to decrypt all of your personnel correspondence and financial information, at will and without your knowledge.”
or maybe one better:
“Mr. Comey, are you prepared to explain to Mr. Chaney that staffers at the International Court of Justice in The Hague, Netherlands, utilized your mandated Unicorn-key to acquire sufficient privileged information to indict Mr. Chaney on War Crimes related charges which led to the extradition warrant in front of me?”
Re: Re: Re: Re:
For the record, see Mr Comey’s testimony before Senate Judiciary on July 8, 2015, in response to a question from the senior senator from Utah, Orrin Hatch, at just a little bit after the 1:45:10 mark in the archived webcast.
Re: Re: Re:2 Re:
Yeah, that’s an awfully big caveat, even for a politician.
In the real world, he doesn’t get to implement that caveat. The Chinese pass a law, which is as entirely valid as a law passed in the US, and now they have an entirely legal reason to demand the unicorn-key.
Re: Re: Re:3 Re:
It was a dishonest and evasive answer, from someone that we should be able to expect straight answers from—whether or not the FBI director is under oath.
Re: Re: Re: Re:
“”Them, they, us, good guys, bad guys”. A large part of the problem with the debate is that it’s not sufficiently personal for those directly involved with it.”
Actually, the problem is that these people think they’re in some sort of Hollywood movie but haven’t yet graduated to the likes of spaghetti westerns and Dirty Harry which thrived on how grey the real world is. They’re still acting out the kind of black hat/white hat fantasy that the generation before mine (at least) rejected as childish.
Re: Re: Re:2 The Big Country
I recommend The Big Country, 1958, Gregory Peck about a mild-mannered sea captain trying his hand at cattle ranching and finding himself in the middle of a range feud. Black hats and white hats are firmly in place, but no longer mean what they commonly signified in 50’s horse opera.
It’s a good gateway film to bridge frin the clean dileations in horse opera to the complex haikus of spaghetti western.
Learn how to communicate in code, now
These surveillance mongers would be laughable if their their liberty-destroying agenda wasn’t so dangerous. How long will they whisper this poison before the same twats that authored the Patriot and USA Freedom Acts eventually pass legislation that disallows Apple et al. from offering encryption?
How about making companies liable when they refuse to encrypt and a hack occurs, or identity theft, or stolen credentials, etc.
Just a Though
Someone should crowdfund a campaign, to buy this man a 6 foot tall Stuffed Unicorn, with a necklace that reads “My Name Is Encryption”…
government is NOT unhackable
If someone hacked the government then all encrypted stuff is compromised.
The government has already demonstrated their inability to create unhackable systems.
Therefore the government is not worthy of having access to everyone’s keys.
When the government can demonstrate an unhackable system where data cannot be stolen even through rogue workers they can ask for a conversation about storing everyone’s keys. Until then they can piss off.
Police state supporters
People like Comey, Witte et al. should take a little time to see what happened to other police state proponents once the police state was established (to protect the fatherland/motherland, of course). Ernst Roehm, chief of the SA who had his door kicked in and was executed. Lavrentii Beria, Stalin’s secret police chief later executed.
People like them learn nothing from history. Nothing at all. “This time it will be different!” Fools…
But they do care....
“It’s all about the greater good!”
-Hot Fuzz
http://m.youtube.com/watch?v=yUpbOliTHJY
Re: But they do care....
The greater good
It's not just the appearance of being complicit that's bad for business...
It’s not just the perception of being complicit that’s a problem for companies – the odds of being able to stay secretly complicit are decreasing by the week:
Oh, and apparently to a variety of US Government agencies (state and federal levels).
It warms my heart to to see that the good, well-meaning folks at Hacking Team were only selling their law-enforcement friendly spyware to US Designated “good guys”, and weren’t in any way influenced by the potential for financial gain by any countries listed by the US as repressive regimes. Oh. Wait…
What a great day for hackers like me. Any back doors are perfect for exploitation. Thank you usa.
To be blunt, the tech companies need to take the same hardass attitude as the gun industry (i.e. “dead-child shmed-child”) and pull enough strings to make it officially not their problem (again, just like the gun industry did).
Consider this
Today, when enemies of the US capture US-made weapons (or when we give weapons to friends who later become enemies), our own weapons can end up being used against us, our allies, or for other purposes that our government would not approve of.
The solution to this would be to design a kill switch into our weapons. But this isn’t happening, probably because the military and manufacturers rightly realize that the technology would not be infallible, and the military worries that somehow the technology could fail or be subverted, putting American lives at risk.
So let’s table this discussion of backdoor access to encrypted data until the military solves the kill switch dilemma. They’ve got smart people, they should simply solve this problem to demonstrate how to take a seemingly intractable technology challenge and use the sheer force of intellect to overcome it. Then our encryption experts will be humbled and will dedicate themselves to designing an infallible backdoor to encrypted data.
Re: Consider this
You’re being sarcastic right? If so, then might I add that we should also invest in psychics who can read the minds of potential criminals so that we can finally put an end to crime once and for all…
Re: Re: Consider this
Definitely sarcasm. Kill switches in our own gear would never be accepted by the military for exactly that reason. Hell, our gear breaks down all the time without built-in failure mechanisms.
You want to know how you deal with the enemy using your gear against you? First, take care of your shit, and don’t leave it unguarded, so they can’t get much of it in the first place. Second, if they do get it, kill them.
Lots of people believe that the U.S. military is the strongest in the world because of our technology, but while it helps, that’s not really the primary reason we win wars. Our military is strongest because of two things; training and number of troops. The best gear in the world with someone who isn’t trained properly and doesn’t have the resource support structure will be overcome by someone with moderate gear that has better training and/or more people.
I know the military is unpopular with a lot of people on this site…no problem, you can have your own opinion. But the U.S. military is not respected around the world purely because of our toys; there is real training and skill behind our forces.
It’s really too bad we keep getting used for stupid crap that we shouldn’t be doing. We’re very effective at winning wars and moderately effective at pointless policing actions. The fact that our mission is political BS isn’t really the fault of the military.
Re: Re: Re: Consider this
Oh, of course you are. Which explains why you won the last two wars, in Iraq, and Afghanistan.
It also explains why the U.S. won in Viet Nam. And on the Korean peninsula.
In fact, everywhere the U.S. Army goes, they’re always the good guys, and they always win the war. And if we ever forget that, then the nightly network news makes sure to let us know. And if we ever begin to doubt, then Hollywood comes back with a feel-good movie to tell us the truth.
Weasel Word Wizard of the month
I hereby designate a new award, “Weasel Word Wizard of the month,” and nominate James Comey for this month’s champion, for his phrase, “…by what legal means we might ask.”
It’s obvious he couldn’t say what he really means, which is, “…by what draconian fines and terms of imprisonment we might impose to force our totalitarian vision upon these companies.” But that’s sort of unpalatable in this country, so instead we get this shyster BS.
Congratulations, Mr. Comey, you could describe the nuking of a city as a “pop-bottle rocket glitch.”
Benjamin Wittes is a totalitarianist wannabe. He justifies his views by saying, “So long as a secret warrant is issued by the totalitarian government, that makes it all OK”.
The government would never abuse such a system to secretly spy on say, heads of state (Merkel cough cough), or decrypt messages for the purpose of economic espionage.
Who would believe such far fetched claims! Of course that would never happen! We can “trust” them with total access to all global communications. What could possible go wrong?
OK then. Lets try that!
Regarding the liability question. If a crime is committed using technology (they made a phone call!), then the company is liable?
If they do that, then they are going to hold every gun company liable for every murder done with a gun. How is that different? What if someone gets stabbed? Are they going to sue Victorianox for making a “weapon”?
Are they going to sue Ford for making the car that that kidnapper used?
The government better be careful what it wishes for. If if gets it, it is going to bit them in the ass.
Seems like a win-win situation for the government: they either get their unicorn, or they get a new stick they can use to keep those uppity tech companies in line.
We shouldn’t be discussing “golden keys” for encryption. Only tyrants want that.
Fascism 101 : The art of misdirection.
Y’all do realize that this is the new USG Version 2.0 that were discussing here.
The fact that they even mentioned this “idea” to the public means they have already initiated a secondary backdoor process that will remain in effect secretly after this publically discussed “idea” gets repeatedly shot down in flames and is finally loudly dropped with much fanfare and tooting of horns.
Its the Amurikin Vay, doncha know.
—
Re: Fascism 101 : The art of misdirection.
For Apple, sure. Their cult followers are happy to let Apple run their lives for them.
But for Google to do that would annihilate any trust that remained after their name was all over the Snowden releases. They still haven’t been able to be completely transparent about their cooperation with the FBI.
If they were super-sharp about it, they’d make the Android crypto open source, and implement a means where people can choose one of several crypto modules.
That way individuals can opt-in to a unicorn keyed crypto if they so chose.
Re: Re: Fascism 101 : The art of misdirection.
I don’t think companies like Google will have any choice, if the USG secretly passes – or has already passed – new laws that make it a criminal offense to refuse the USG’s demands for assistance in the War on Terror.
I suspect the real backdoor will be accomplished through hardware, secretly implanted at the factory level by corporations and businesses due to secret Government Enforcement and financed at least partially through taxpayer funding, and the debate over backdoors for police use will end with the government apparently losing the battle and dropping the idea.
I think the game plan is to make the public think that these “discussions” about how companies “should” allow a police based backdoor be installed into their devices to protect the public from terrorists, means that a universal Magic Key software-based backdoor system is the only plan for public-owned device surveillance that the USG is fielding.
The Feds never bring the public into these kinds of debates unless its to pull the wool over their eyes.
By allowing the dialogue to end eventually with the technologists winning the debate via simple logic –
ANY NON-WHITE RABBIT CAN ENTER ANY RABBIT-SIZED HOLE WHETHER ITS MARKED WHITE RABBITS ONLY OR NOT
– the debate’s end is supposed to make the general public think it has won the day and that no such backdoors will be forthcoming.
As with all the other “Secret” dealings the USG has with Corporate America, the real backdoors are already being installed, willingly, or under duress, as a hardware component, cleverly disguised as something everyone who might examine the device in question, would expect to find in such a device.
This is also the way to establish a “fool the terrorist” ploy – by making everyone believe the USG has decided to NOT use backdoors, the government can secretly argue to each Corporate B. of D., that the companies are doing a “patriotic” thing via the secret hardware add-on, because the terrorists will also think the USG dropped the universal backdoor idea and not look for one to exploit.
This is their Sneaky Real Magic Backdoor Key – an invisible Keyhole that nobody knows exists.
Sorry about that. It always hurts my head when I try and think in government mode. Its that old “ends justify means” thing that gets that loop of loopie logic started going in a circle.
—
So what difference does that make? The phone is not on the girl, so it can’t be used to track her. The call record can be obtained from the phone company, so they can still find out who spoke with her most recently. Do they really think the phone might have a working “Locate My Owner” app installed if they could only break into it?
Worse is that if the phone was not encrypted, or the encryption was so weak that anyone with a standard backdoor passcode could decrypt it, then if she were to lose or leave it anywhere that a kidnapper could access it they would have all the information that they would need to kidnap her. A list of all her friends and family, her daily routine and travel patterns, what school she goes to, when she is normally alone and vulnerable, what things she likes, and much more.
What’s more, I wouldn’t trust Comey not to abduct the girl himself just to try to justify making the rest of us vulnerable to intrusion on all of our electronic devices.